How do I write a query to find source IPs with an event count greater than 10000 in 30 minutes? The aggregate view should display the source IP and the corresponding destination IPs (with count). I have written a query to fetch the source IPs (event count more than 10000), but I have not been able to display the corresponding destination IPs with count. The threshold of 10000 is greater than the overall count for the source IP.
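The aggregation asked about above, as an added example in Python rather than in any product's query language (it is not part of the original post): count events per (source, destination) pair inside the 30-minute window, apply the 10000 threshold to each source's total, and keep the per-destination counts for the sources that pass. The function names, the `(timestamp, src_ip, dst_ip)` tuple layout and the sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)
THRESHOLD = 10000  # from the question: more than 10000 events per source IP


def noisy_sources(events, window_start, threshold=THRESHOLD, window=WINDOW):
    """events: iterable of (timestamp, src_ip, dst_ip) tuples (assumed layout).

    Returns {src_ip: {"total": n, "destinations": [(dst_ip, count), ...]}}
    for sources whose total inside the window exceeds the threshold.
    """
    window_end = window_start + window
    # Stage 1: count per (source, destination) pair inside the window.
    per_pair = Counter()
    for ts, src, dst in events:
        if window_start <= ts < window_end:
            per_pair[(src, dst)] += 1
    # Stage 2: roll pair counts up to one total per source.
    totals = Counter()
    by_src = defaultdict(Counter)
    for (src, dst), n in per_pair.items():
        totals[src] += n
        by_src[src][dst] = n
    # Stage 3: threshold on the source total, report the destination breakdown.
    return {
        src: {"total": total, "destinations": by_src[src].most_common()}
        for src, total in totals.items()
        if total > threshold
    }


def sample_events(start):
    """Constructed sample data: one source over the threshold, two under it."""
    events = []
    for i in range(12000):  # 12000 events in 20 minutes, two destinations
        dst = "192.0.2.20" if i % 3 == 0 else "192.0.2.10"
        events.append((start + timedelta(milliseconds=100 * i), "10.0.0.5", dst))
    for i in range(10000):  # exactly 10000: not greater than the threshold
        events.append((start + timedelta(milliseconds=100 * i), "10.0.0.6", "192.0.2.10"))
    for i in range(11000):  # 11000 overall, but only 9000 fall inside the window
        events.append((start + timedelta(milliseconds=200 * i), "10.0.0.7", "192.0.2.30"))
    return events


if __name__ == "__main__":
    start = datetime(2024, 1, 1, 12, 0, 0)
    for src, row in noisy_sources(sample_events(start), start).items():
        print(src, row["total"], row["destinations"])
```

In a query language the same shape is a group-by on source and destination, filtered by a second group-by on source alone whose count exceeds the threshold.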